Skip to main content

Home/ Socialism and the End of the American Dream/ Group items tagged Hacking-Team

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
Paul Merrell

Here Are All the Sketchy Government Agencies Buying Hacking Team's Spy Tech | Motherboard - 0 views

motherboard.vice.com/...-buying-hacking-teams-spy-tech

surveillance state Hacking-Team hacked

shared by Paul Merrell on 07 Jul 15 - No Cached
  • They say what goes around comes around, and there's perhaps nowhere that rings more true than in the world of government surveillance. Such was the case on Monday morning when Hacking Team, the Italian company known for selling electronic intrusion tools to police and federal agencies around the world, awoke to find that it had been hacked itself—big time—apparently exposing its complete client list, email spools, invoices, contracts, source code, and more. Those documents show that not only has the company been selling hacking tools to a long list of foreign governments with dubious human rights records, but it’s also establishing a nice customer base right here in the good old US of A. The cache, which sources told Motherboard is legitimate, contains more than 400 gigabytes of files, many of which confirm previous reports that the company has been selling industrial-grade surveillance software to authoritarian governments. Hacking Team is known in the surveillance world for its flagship hacking suite, Remote Control System (RCS) or Galileo, which allows its government and law enforcement clients to secretly install “implants” on remote machines that can steal private emails, record Skype calls, and even monitor targets through their computer's webcam. Hacking Team in North America
  • According to leaked contracts, invoices and an up-to-date list of customer subscriptions, Hacking Team’s clients—which the company has consistently refused to name—also include Kazakhstan, Azerbaijan, Oman, Saudi Arabia, Uzbekistan, Bahrain, Ethiopia, Nigeria, Sudan and many others. The list of names matches the findings of Citizen Lab, a research lab at the University of Toronto's Munk School of Global Affairs that previously found traces of Hacking Team on the computers of journalists and activists around the world. Last year, the Lab's researchers mapped out the worldwide collection infrastructure used by Hacking Team's customers to covertly transport stolen data, unveiling a massive network comprised of servers based in 21 countries. Reporters Without Borders later named the company one of the “Enemies of the Internet” in its annual report on government surveillance and censorship.
  • we’ve only scratched the surface of this massive leak, and it’s unclear how Hacking Team will recover from having its secrets spilling across the internet for all to see. In the meantime, the company is asking all customers to stop using its spyware—and likely preparing for the worst.
Paul Merrell

Spy Tech Company 'Hacking Team' Gets Hacked | Motherboard - 0 views

motherboard.vice.com/...mpany-hacking-team-gets-hacked

surveillance-state Hacking-Team hacking-the-spies

shared by Paul Merrell on 06 Jul 15 - No Cached
  • Sometimes even the cops get robbed. The controversial Italian surveillance company Hacking Team, which sells spyware to governments all around the world, including agencies in Ethiopia, Morocco, the United Arab Emirates, as well as the US Drug Enforcement Administration, appears to have been seriously hacked. Hackers have made 500 GB of client files, contracts, financial documents, and internal emails, some as recent as 2015, publicly available for download. Hacking Team’s spokesperson Eric Rabe did not immediately respond to Motherboard’s calls and email asking for verification that the hacked information is legitimate. Without confirmation from the company itself, it’s difficult to know what percentage of the files are real—however, based on the sheer size of the breach and the information in the files, the hack appears to be authentic. What’s more, the unknown hackers announced their feat through Hacking Team’s own Twitter account.
  • he hackers composed the tweets as if they were written by Hacking Team. “Since we have nothing to hide, we're publishing all our e-mails, files, and source code,” the hackers wrote in a tweet, which included the link to around 500 Gb of files. The hackers also started tweeting a few samples of internal emails from the company. One of the screenshots shows an email dated 2014 from Hacking Team’s founder and CEO David Vincenzetti to another employee. In the email, titled “Yet another Citizen Lab attack,” Vincenzetti links to a report from the online digital rights research center Citizen Lab, at the University of Toronto’s Munk School of Global Affairs, which has exposed numerous cases of abuse from Hacking Team’s clients. Hacking Team has never revealed a list of its clients, and has always and repeatedly denied selling to sketchy governments, arguing that it has an internal procedure to address human rights concerns about prospective customers.
  • It’s unclear exactly how much the hackers got their hands on, but judging from the size of the files, it’s certainly a large collection of internal files. A source who asked to speak anonymously due to the sensitivity of the issue, told me that based on the file names and folders in the leak, the hackers who hit Hacking Team "got everything." A few hours after the initial hack, a list of alleged Hacking Team customers was posted on Pastebin. The list includes past and current customers. Among the most notable, there are a few that were previously unknown, such as the FBI, Chile, Australia, Spain, and Iraq, among others.
  • ...1 more annotation...
  • The breach on Hacking Team comes almost a year after another surveillance tech company, the competing FinFisher, was hacked in a similar way, with a hacker leaking 40 Gb of internal files. FinFisher, like Hacking Team, sells surveillance software to law enforcement agencies across the world. Their software, once surreptitiously installed on a target’s cell phone or computer, can be used to monitor the target’s communications, such as phone calls, text messages, Skype calls, or emails. Operators can also turn on the target’s webcam and exfiltrate files from the infected device.
Paul Merrell

Hacking Team Asks Customers to Stop Using Its Software After Hack | Motherboard - 0 views

motherboard.vice.com/...-using-its-software-after-hack

surveillance state Hacking-Team hacked

shared by Paul Merrell on 07 Jul 15 - No Cached
  • But the hack hasn’t just ruined the day for Hacking Team’s employees. The company, which sells surveillance software to government customers all over the world, from Morocco and Ethiopia to the US Drug Enforcement Agency and the FBI, has told all its customers to shut down all operations and suspend all use of the company’s spyware, Motherboard has learned. “They’re in full on emergency mode,” a source who has inside knowledge of Hacking Team’s operations told Motherboard.
  • Hacking Team notified all its customers on Monday morning with a “blast email,” requesting them to shut down all deployments of its Remote Control System software, also known as Galileo, according to multiple sources. The company also doesn’t have access to its email system as of Monday afternoon, a source said. On Sunday night, an unnamed hacker, who claimed to be the same person who breached Hacking Team’s competitor FinFisher last year, hijacked its Twitter account and posted links to 400GB of internal data. Hacking Team woke up to a massive breach of its systems.
  • A source told Motherboard that the hackers appears to have gotten “everything,” likely more than what the hacker has posted online, perhaps more than one terabyte of data. “The hacker seems to have downloaded everything that there was in the company’s servers,” the source, who could only speak on condition of anonymity, told Motherboard. “There’s pretty much everything here.” It’s unclear how the hackers got their hands on the stash, but judging from the leaked files, they broke into the computers of Hacking Team’s two systems administrators, Christian Pozzi and Mauro Romeo, who had access to all the company’s files, according to the source. “I did not expect a breach to be this big, but I’m not surprised they got hacked because they don’t take security seriously,” the source told me. “You can see in the files how much they royally fucked up.”
  • ...2 more annotations...
  • For example, the source noted, none of the sensitive files in the data dump, from employees passports to list of customers, appear to be encrypted. “How can you give all the keys to your infrastructure to a 20-something who just joined the company?” he added, referring to Pozzi, whose LinkedIn shows he’s been at Hacking Team for just over a year. “Nobody noticed that someone stole a terabyte of data? You gotta be a fuckwad,” the source said. “It means nobody was taking care of security.”
  • The future of the company, at this point, it’s uncertain. Employees fear this might be the beginning of the end, according to sources. One current employee, for example, started working on his resume, a source told Motherboard. It’s also unclear how customers will react to this, but a source said that it’s likely that customers from countries such as the US will pull the plug on their contracts. Hacking Team asked its customers to shut down operations, but according to one of the leaked files, as part of Hacking Team’s “crisis procedure,” it could have killed their operations remotely. The company, in fact, has “a backdoor” into every customer’s software, giving it ability to suspend it or shut it down—something that even customers aren’t told about. To make matters worse, every copy of Hacking Team’s Galileo software is watermarked, according to the source, which means Hacking Team, and now everyone with access to this data dump, can find out who operates it and who they’re targeting with it.
Paul Merrell

Hacking Team: the Hack on Us Was Not Done by 'Some Random Guy' | Motherboard - 0 views

motherboard.vice.com/...as-not-done-by-some-random-guy

surveillance state Hacking-Team breach admissions

shared by Paul Merrell on 08 Jul 15 - No Cached
  • Almost 48 hours after an unnamed hacker announced the breach of Hacking Team, exposing more than 400GB of secrets, the Italian surveillance tech company is investigating what happened, and coming out of its radio silence. The cyberintrusion, which was “quite sophisticated,” was likely the work of people “with a lot of expertise,” according to the company spokesperson Eric Rabe, who spoke with Motherboard on the phone from Milan, where he flew after finding out about the attack.
  • Paul Merrell on 08 Jul 15
     
    Hacking Team admits that the hack occurred and that the documents are genuine.
Paul Merrell

FBI Director: Sony's 'Sloppy' North Korean Hackers Revealed Their IP Addresses | WIRED - 0 views

www.wired.com/...s-failed-use-proxies-sony-hack

war & peace cyberwar North-Korea Sony-hack FBI Comey

shared by Paul Merrell on 08 Jan 15 - No Cached
  • The Obama administration has been tightlipped about its controversial naming of the North Korean government as the definitive source of the hack that eviscerated Sony Pictures Entertainment late last year. But FBI director James Comey is standing by the bureau’s conclusion, and has offered up a few tiny breadcrumbs of the evidence that led to it. Those crumbs include the claim that Sony hackers sometimes failed to use the proxy servers that masked the origin of their attack, revealing IP addresses that the FBI says were used exclusively by North Korea. Speaking at a Fordham Law School cybersecurity conference Wednesday, Comey said that he has “very high confidence” in the FBI’s attribution of the attack to North Korea. And he named several of the sources of his evidence, including a “behavioral analysis unit” of FBI experts trained to psychologically analyze foes based on their writings and actions. He also said that the FBI compared the Sony attack with their own “red team” simulations to determine how the attack could have occurred. And perhaps most importantly, Comey now says that the hackers in the attack failed on multiple occasions to use the proxy servers that bounce their Internet connection through an obfuscating computer somewhere else in the world, revealing IP addresses that tied them to North Koreans.
  • “In nearly every case, [the Sony hackers known as the Guardians of Peace] used proxy servers to disguise where they were coming from in sending these emails and posting these statements. But several times they got sloppy,” Comey said. “Several times, either because they forgot or because of a technical problem, they connected directly and we could see that the IPs they were using…were exclusively used by the North Koreans.” “They shut it off very quickly once they saw the mistake,” he added. “But not before we saw where it was coming from.” Comey’s brief and cryptic remarks—with no opportunity for followup questions from reporters—respond to skepticism and calls for more evidence from cybersecurity experts unsatisfied with the FBI’s vague statements tying the hack to North Korean government. In a previous public announcement the FBI had said only that it found “similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks,” as well as IP addresses that matched prior attacks it knows to have originated in North Korea. At that time, the FBI also said it had further evidence matching the tools used in the attack to a North Korean hacking attack that hit South Korean banks and media outlets.
  • Following those elliptical statements, the cybersecurity community demanded more information be released to prove North Korea’s involvement. Some have even signed a petition on the White House website calling for more transparency in the investigation. Well-known security blogger and author Bruce Schneier has compared the FBI’s “trust us” mentality to the claims of the Bush administration about Saddam Hussein’s nonexistent weapons of mass destruction in the run-up to the Iraq War. Without more information, security experts themselves have remained deeply divided in their conclusions about who hacked Sony.
  • ...1 more annotation...
  • That pseudo-explanation will likely do little to quell the security community’s doubts. Even if the hackers appeared to fail to use proxies on some occasions, it could still be very difficult to be sure those “real” IP addresses weren’t proxies themselves designed to serve as further misdirection. And a nagging loose thread remains that the Guardians of Peace hackers in their initial statements to Sony tried to extort money from the company before making any political demands. Sony’s Kim Jong-un assassination comedy “The Interview,” the suppression of which is believed by many to be the North Korean government’s motive in the hack, wasn’t even mentioned by the hackers until long after the intrusion was underway. Comey didn’t address that plot hole in the North Korean explanation in his speech.
Paul Merrell

Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide - The Intercept - 0 views

firstlook.org/...hacking-team

surveillance state Hacking-Team Remote-Control-System FinFisher

shared by Paul Merrell on 31 Oct 14 - No Cached
  • When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn’t be able to unlock evidence on criminals’ digital devices. What they didn’t say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept. We’re publishing in full, for the first time, manuals explaining the prominent commercial implant software “Remote Control System,” manufactured by the Italian company Hacking Team. Despite FBI director James Comey’s dire warnings about the impact of widespread data scrambling — “criminals and terrorists would like nothing more,” he declared — Hacking Team explicitly promises on its website that its software can “defeat encryption.”
  • The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team’s manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software. Hacking Team’s efforts include a visible push into the U.S. Though Remote Control System is sold around the world — suspected clients include small governments in dozens of countries, from Ethiopia to Kazakhstan to Saudi Arabia to Mexico to Oman — the company keeps one of its three listed worldwide offices in Annapolis, Maryland, on the edge of the federal intelligence and law-enforcement cluster around the nation’s capital; has sent representatives to American homeland security trade shows and conferences, where it has led training seminars like “Cyber Intelligence Solutions to Data Encryption” for police; and has even taken an investment from a firm headed by America’s former ambassador to Italy. The United States is also, according to two separate research teams, far and away Hacking Team’s top nexus for servers, hosting upwards of 100 such systems, roughly a fifth of all its servers globally.
Paul Merrell

Top spy: Despite intelligence 'war' with Russians, it's too soon to blame them for DNC ... - 0 views

www.politico.com/...dnc-hack-russia-226384

Auction 2016 DNC-hack emails Clapper Russians

shared by Paul Merrell on 31 Jul 16 - No Cached
  • Spy chief James Clapper said Thursday that U.S. intelligence services are facing a "version of war" with Russia — but it's too soon to blame the old Cold War rival for hacking the Democratic National Committee's emails. He said it's also too early to say whether the people who leaked those emails are trying to throw the presidential election to Donald Trump, as Hillary Clinton's campaign has charged. Story Continued Below "I don't think we're quite ready yet to make a call on attribution," Clapper said at the Aspen Security Forum in Colorado. "There are just a few usual suspects out there." Additionally, he said, "We don't know enough to ascribe motivation regardless of who it might have been." The reasons for the administration's reluctance to assign blame are a combination of two factors, Clapper said: uncertainty about whether the Russians are the culprits, and the lack of a decision yet on whether the U.S. should "name and shame" them if indeed they committed the cyberattack. No one should be "hyperventilating" about the hack, though, he said. "I'm shocked somebody did some hacking," he said, sarcastically taking the voice of someone who was surprised. "That's never happened before."
  • Paul Merrell on 31 Jul 16
     
    In other words, Clapper is saying that Team Hillary is trying to change the subject from the content of the DNC emails to bl;aming the Russians for the hack, without sufficient evidence to do so. Of course Hillary wants the subject changed. But will she get a way with it?
Paul Merrell

NSA Director Finally Admits Encryption Is Needed to Protect Public's Privacy - 0 views

www.mintpressnews.com/...213028

surveillance state encryption NSA Comey

shared by Paul Merrell on 25 Jan 16 - No Cached
  • NSA Director Finally Admits Encryption Is Needed to Protect Public’s Privacy The new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. By Carey Wedler | AntiMedia | January 22, 2016 Share this article! https://mail.google.com/mail/?view=cm&fs=1&to&su=NSA%20Director%20Finally%20Admits%20Encryption%20Is%20Needed%20to%20Protect%20Public%E2%80%99s%20Privacy&body=http%3A%2F%2Fwww.mintpress
  • At the same hearing, Comey and Attorney General Loretta Lynch declined to comment on whether they had proof the Paris attackers used encryption. Even so, Comey recently lobbied for tech companies to do away with end-to-end encryption. However, his crusade has fallen on unsympathetic ears, both from the private companies he seeks to control — and from the NSA. Prior to Rogers’ statements in support of encryption Thursday, former NSA chief Michael Hayden said, “I disagree with Jim Comey. I actually think end-to-end encryption is good for America.” Still another former NSA chair has criticized calls for backdoor access to information. In October, Mike McConnell told a panel at an encryption summit that the United States is “better served by stronger encryption, rather than baking in weaker encryption.” Former Department of Homeland Security chief, Michael Chertoff, has also spoken out against government being able to bypass encryption.
  • Rogers cited the recent Office of Personnel Management hack of over 20 million users as a reason to increase encryption rather than scale it back. “What you saw at OPM, you’re going to see a whole lot more of,” he said, referring to the massive hack that compromised the personal data about 20 million people who obtained background checks. Rogers’ comments, while forward-thinking, signify an about face in his stance on encryption. In February 2015, he said he “shares [FBI] Director [James] Comey’s concern” about cell phone companies’ decision to add encryption features to their products. Comey has been one loudest critics of encryption. However, Rogers’ comments on Thursday now directly conflict with Comey’s stated position. The FBI director has publicly chastised encryption, as well as the companies that provide it. In 2014, he claimed Apple’s then-new encryption feature could lead the world to “a very dark place.” At a Department of Justice hearing in November, Comey testified that “Increasingly, the shadow that is ‘going dark’ is falling across more and more of our work.” Though he claimed, “We support encryption,” he insisted “we have a problem that encryption is crashing into public safety and we have to figure out, as people who care about both, to resolve it. So, I think the conversation’s in a healthier place.”
  • ...2 more annotations...
  • Regardless of these individual defenses of encryption, the Intercept explained why these statements may be irrelevant: “Left unsaid is the fact that the FBI and NSA have the ability to circumvent encryption and get to the content too — by hacking. Hacking allows law enforcement to plant malicious code on someone’s computer in order to gain access to the photos, messages, and text before they were ever encrypted in the first place, and after they’ve been decrypted. The NSA has an entire team of advanced hackers, possibly as many as 600, camped out at Fort Meade.”
  • Rogers statements, of course, are not a full-fledged endorsement of privacy, nor can the NSA be expected to make it a priority. Even so, his new stance denotes a growing awareness within the government that Americans are not comfortable with the State’s grip on their data. “So spending time arguing about ‘hey, encryption is bad and we ought to do away with it’ … that’s a waste of time to me,” Rogers said Thursday. “So what we’ve got to ask ourselves is, with that foundation, what’s the best way for us to deal with it? And how do we meet those very legitimate concerns from multiple perspectives?”
Paul Merrell

Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise - The Intercept - 0 views

firstlook.org/...-nsa-gchq-rely-intel-expertise

surveillance state NSA-targets hackers

shared by Paul Merrell on 05 Feb 15 - No Cached
  • The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents. In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. “Hackers are stealing the emails of some of our targets… by collecting the hackers’ ‘take,’ we . . .  get access to the emails themselves,” reads one top secret 2010 National Security Agency document. These and other revelations about the intelligence agencies’ reliance on hackers are contained in documents provided by whistleblower Edward Snowden. The documents—which come from the U.K. Government Communications Headquarters agency and NSA—shed new light on the various means used by intelligence agencies to exploit hackers’ successes and learn from their skills, while also raising questions about whether governments have overstated the threat posed by some hackers.
  • By looking out for hacking conducted “both by state-sponsored and freelance hackers” and riding on the coattails of hackers, Western intelligence agencies have gathered what they regard as valuable content: Recently, Communications Security Establishment Canada (CSEC) and Menwith Hill Station (MHS) discovered and began exploiting a target-rich data set being stolen by hackers. The hackers’ sophisticated email-stealing intrusion set is known as INTOLERANT. Of the traffic observed, nearly half contains category hits because the attackers are targeting email accounts of interest to the Intelligence Community. Although a relatively new data source, [Target Offices of Primary Interest] have already written multiple reports based on INTOLERANT collect. The hackers targeted a wide range of diplomatic corps, human rights and democracy activists and even journalists: INTOLERANT traffic is very organized. Each event is labeled to identify and categorize victims. Cyber attacks commonly apply descriptors to each victim – it helps herd victims and track which attacks succeed and which fail. Victim categories make INTOLERANT interesting: A = Indian Diplomatic & Indian Navy B = Central Asian diplomatic C = Chinese Human Rights Defenders D = Tibetan Pro-Democracy Personalities E = Uighur Activists F = European Special Rep to Afghanistan and Indian photo-journalism G = Tibetan Government in Exile
  • In those cases, the NSA and its partner agencies in the United Kingdom and Canada were unable to determine the identity of the hackers who collected the data, but suspect a state sponsor “based on the level of sophistication and the victim set.” In instances where hacking may compromise data from the U.S. and U.K. governments, or their allies, notification was given to the “relevant parties.” In a separate document, GCHQ officials discuss plans to use open source discussions among hackers to improve their own knowledge. “Analysts are potentially missing out on valuable open source information relating to cyber defence because of an inability to easily keep up to date with specific blogs and Twitter sources,” according to one document. GCHQ created a program called LOVELY HORSE to monitor and index public discussion by hackers on Twitter and other social media. The Twitter accounts designated for collection in the 2012 document:
  • ...3 more annotations...
  • Documents published with this article: LOVELY HORSE – GCHQ Wiki Overview INTOLERANT – Who Else Is Targeting Your Target? Collecting Data Stolen by Hackers – SIDtoday  HAPPY TRIGGER/LOVELY HORSE/Zool/TWO FACE – Open Source for Cyber Defence/Progress NATO Civilian Intelligence Council – Cyber Panel – US Talking Points
  • These accounts represent a cross section of the hacker community and security scene. In addition to monitoring multiple accounts affiliated with Anonymous, GCHQ monitored the tweets of Kevin Mitnick, who was sent to prison in 1999 for various computer and fraud related offenses. The U.S. Government once characterized Mitnick as one of the world’s most villainous hackers, but he has since turned security consultant and exploit broker. Among others, GCHQ monitored the tweets of reverse-engineer and Google employee, Thomas Dullien. Fellow Googler Tavis Ormandy, from Google’s vulnerability research team Project Zero, is featured on the list, along with other well known offensive security researchers, including Metasploit’s HD Moore and James Lee (aka Egypt) together with Dino Dai Zovi and Alexander Sotirov, who at the time both worked for New York-based offensive security company, Trail of Bits (Dai Zovi has since taken up a position at payment company, Square). The list also includes notable anti-forensics and operational security expert “The Grugq.” GCHQ monitored the tweets of former NSA agents Dave Aitel and Charlie Miller, and former Air Force intelligence officer Richard Bejtlich as well as French exploit vendor, VUPEN (who sold a one year subscription for its binary analysis and exploits service to the NSA in 2012).
  • The U.S., U.K. and Canadian governments characterize hackers as a criminal menace, warn of the threats they allegedly pose to critical infrastructure, and aggressively prosecute them, but they are also secretly exploiting their information and expertise, according to top secret documents. In some cases, the surveillance agencies are obtaining the content of emails by monitoring hackers as they breach email accounts, often without notifying the hacking victims of these breaches. “Hackers are stealing the emails of some of our targets… by collecting the hackers’ ‘take,’ we . . .  get access to the emails themselves,” reads one top secret 2010 National Security Agency document. These and other revelations about the intelligence agencies’ reliance on hackers are contained in documents provided by whistleblower Edward Snowden. The documents—which come from the U.K. Government Communications Headquarters agency and NSA—shed new light on the various means used by intelligence agencies to exploit hackers’ successes and learn from their skills, while also raising questions about whether governments have overstated the threat posed by some hackers.
Paul Merrell

Researcher who joked about hacking a jet plane barred from United flight | Ars Technica - 0 views

arstechnica.com/...lane-barred-from-united-flight

surveillance state FBI social-media-monitoring

shared by Paul Merrell on 15 May 15 - No Cached
  • A researcher who specializes in the security of commercial airplanes was barred from a United Airlines flight Saturday, three days after he tweeted a poorly advised joke mid-flight about hacking a key communications system of the plane he was in. Chris Roberts was detained by FBI agents on Wednesday as he was deplaning his United flight, which had just flown from Denver to Syracuse, New York. While on board the flight, he tweeted a joke about taking control of the plane's engine-indicating and crew-alerting system, which provides flight crews with information in real-time about an aircraft's functions, including temperatures of various equipment, fuel flow and quantity, and oil pressure. In the tweet, Roberts jested: "Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? 'PASS OXYGEN ON' Anyone ? :)" FBI agents questioned Roberts for four hours and confiscated his iPad, MacBook Pro, and storage devices.
  • Paul Merrell on 15 May 15
     
    Bruce Schneier's take on this: "But to me, the fascinating part of this story is that a computer was monitoring the Twitter feed and understood the obscure references, alerted a person who figured out who wrote them, researched what flight he was on, and sent an FBI team to the Syracuse airport within a couple of hours. There's some serious surveillance going on. Now, it is possible that Roberts was being specifically monitored. He is already known as a security researcher who is working on avionics hacking. But still..." Some serious surveillance, indeed. And does the FBI have its own social media monitoring program or is this the result of a tip from the NSA, which assuredly does have a social media surveillance capability?  Consider the short time between the post and interception by FBI agents at the airport and all of the steps it takes to accomplish that feat. I come up with a system that is directly harvesting tweets as they are transmitted, not a web crawler. A huge amount of automation to identify the tweet as a potential threat and get it to someone with the vocabulary to understand the message. And another round of automation to get the import of the post to an FBI dispatcher who sends the agents to the airport armed with the information needed to question the tweeter for four hours on an esoteric subject. That's astounding to me.  
Paul Merrell

The Digital Hunt for Duqu, a Dangerous and Cunning U.S.-Israeli Spy Virus - The Intercept - 0 views

firstlook.org/...stuxnet

surveillance state cyberwar Stuxnet

shared by Paul Merrell on 14 Nov 14 - No Cached
  • “Is this related to what we talked about before?” Bencsáth said, referring to a previous discussion they’d had about testing new services the company planned to offer customers. “No, something else,” Bartos said. “Can you come now? It’s important. But don’t tell anyone where you’re going.” Bencsáth wolfed down the rest of his lunch and told his colleagues in the lab that he had a “red alert” and had to go. “Don’t ask,” he said as he ran out the door. A while later, he was at Bartos’ office, where a triage team had been assembled to address the problem they wanted to discuss. “We think we’ve been hacked,” Bartos said.
  • They found a suspicious file on a developer’s machine that had been created late at night when no one was working. The file was encrypted and compressed so they had no idea what was inside, but they suspected it was data the attackers had copied from the machine and planned to retrieve later. A search of the company’s network found a few more machines that had been infected as well. The triage team felt confident they had contained the attack but wanted Bencsáth’s help determining how the intruders had broken in and what they were after. The company had all the right protections in place—firewalls, antivirus, intrusion-detection and -prevention systems—and still the attackers got in.
  • Bencsáth was a teacher, not a malware hunter, and had never done such forensic work before. At the CrySyS Lab, where he was one of four advisers working with a handful of grad students, he did academic research for the European Union and occasional hands-on consulting work for other clients, but the latter was mostly run-of-the-mill cleanup work—mopping up and restoring systems after random virus infections. He’d never investigated a targeted hack before, let alone one that was still live, and was thrilled to have the chance. The only catch was, he couldn’t tell anyone what he was doing. Bartos’ company depended on the trust of customers, and if word got out that the company had been hacked, they could lose clients. The triage team had taken mirror images of the infected hard drives, so they and Bencsáth spent the rest of the afternoon poring over the copies in search of anything suspicious. By the end of the day, they’d found what they were looking for—an “infostealer” string of code that was designed to record passwords and other keystrokes on infected machines, as well as steal documents and take screenshots. It also catalogued any devices or systems that were connected to the machines so the attackers could build a blueprint of the company’s network architecture. The malware didn’t immediately siphon the stolen data from infected machines but instead stored it in a temporary file, like the one the triage team had found. The file grew fatter each time the infostealer sucked up data, until at some point the attackers would reach out to the machine to retrieve it from a server in India that served as a command-and-control node for the malware.
  • ...1 more annotation...
  • Bencsáth took the mirror images and the company’s system logs with him, after they had been scrubbed of any sensitive customer data, and over the next few days scoured them for more malicious files, all the while being coy to his colleagues back at the lab about what he was doing. The triage team worked in parallel, and after several more days they had uncovered three additional suspicious files. When Bencsáth examined one of them—a kernel-mode driver, a program that helps the computer communicate with devices such as printers—his heart quickened. It was signed with a valid digital certificate from a company in Taiwan (digital certificates are documents ensuring that a piece of software is legitimate). Wait a minute, he thought. Stuxnet—the cyberweapon that was unleashed on Iran’s uranium-enrichment program—also used a driver that was signed with a certificate from a company in Taiwan. That one came from RealTek Semiconductor, but this certificate belonged to a different company, C-Media Electronics. The driver had been signed with the certificate in August 2009, around the same time Stuxnet had been unleashed on machines in Iran.
Paul Merrell

Operation AURORAGOLD: How the NSA Hacks Cellphone Networks Worldwide - 0 views

firstlook.org/...nsa-auroragold-hack-cellphones

surveillance state NSA NSA-methods cell-network-penetration AURORAGOLD

shared by Paul Merrell on 06 Dec 14 - No Cached
  • In March 2011, two weeks before the Western intervention in Libya, a secret message was delivered to the National Security Agency. An intelligence unit within the U.S. military’s Africa Command needed help to hack into Libya’s cellphone networks and monitor text messages. For the NSA, the task was easy. The agency had already obtained technical information about the cellphone carriers’ internal systems by spying on documents sent among company employees, and these details would provide the perfect blueprint to help the military break into the networks. The NSA’s assistance in the Libya operation, however, was not an isolated case. It was part of a much larger surveillance program—global in its scope and ramifications—targeted not just at hostile countries.
  • According to documents contained in the archive of material provided to The Intercept by whistleblower Edward Snowden, the NSA has spied on hundreds of companies and organizations internationally, including in countries closely allied to the United States, in an effort to find security weaknesses in cellphone technology that it can exploit for surveillance. The documents also reveal how the NSA plans to secretly introduce new flaws into communication systems so that they can be tapped into—a controversial tactic that security experts say could be exposing the general population to criminal hackers. Codenamed AURORAGOLD, the covert operation has monitored the content of messages sent and received by more than 1,200 email accounts associated with major cellphone network operators, intercepting confidential company planning papers that help the NSA hack into phone networks.
  • Karsten Nohl, a leading cellphone security expert and cryptographer who was consulted by The Intercept about details contained in the AURORAGOLD documents, said that the broad scope of information swept up in the operation appears aimed at ensuring virtually every cellphone network in the world is NSA accessible.
  • ...11 more annotations...
  • “Collecting an inventory [like this] on world networks has big ramifications,” Nohl said, because it allows the NSA to track and circumvent upgrades in encryption technology used by cellphone companies to shield calls and texts from eavesdropping. Evidence that the agency has deliberately plotted to weaken the security of communication infrastructure, he added, was particularly alarming. “Even if you love the NSA and you say you have nothing to hide, you should be against a policy that introduces security vulnerabilities,” Nohl said, “because once NSA introduces a weakness, a vulnerability, it’s not only the NSA that can exploit it.”
  • The AURORAGOLD operation is carried out by specialist NSA surveillance units whose existence has not been publicly disclosed: the Wireless Portfolio Management Office, which defines and carries out the NSA’s strategy for exploiting wireless communications, and the Target Technology Trends Center, which monitors the development of new communication technology to ensure that the NSA isn’t blindsided by innovations that could evade its surveillance reach. The center’s logo is a picture of the Earth overshadowed by a large telescope; its motto is “Predict – Plan – Prevent.”
  • The NSA documents reveal that, as of May 2012, the agency had collected technical information on about 70 percent of cellphone networks worldwide—701 of an estimated 985—and was maintaining a list of 1,201 email “selectors” used to intercept internal company details from employees. (“Selector” is an agency term for a unique identifier like an email address or phone number.) From November 2011 to April 2012, between 363 and 1,354 selectors were “tasked” by the NSA for surveillance each month as part of AURORAGOLD, according to the documents. The secret operation appears to have been active since at least 2010.
  • By covertly monitoring GSMA working groups in a bid to identify and exploit security vulnerabilities, the NSA has placed itself into direct conflict with the mission of the National Institute for Standards and Technology, or NIST, the U.S. government agency responsible for recommending cybersecurity standards in the United States. NIST recently handed out a grant of more than $800,000 to GSMA so that the organization could research ways to address “security and privacy challenges” faced by users of mobile devices. The revelation that the trade group has been targeted for surveillance may reignite deep-seated tensions between NIST and NSA that came to the fore following earlier Snowden disclosures. Last year, NIST was forced to urge people not to use an encryption standard it had previously approved after it emerged NSA had apparently covertly worked to deliberately weaken it.
  • The NSA focuses on intercepting obscure but important technical documents circulated among the GSMA’s members known as “IR.21s.” Most cellphone network operators share IR.21 documents among each other as part of agreements that allow their customers to connect to foreign networks when they are “roaming” overseas on a vacation or a business trip. An IR.21, according to the NSA documents, contains information “necessary for targeting and exploitation.” The details in the IR.21s serve as a “warning mechanism” that flag new technology used by network operators, the NSA’s documents state. This allows the agency to identify security vulnerabilities in the latest communication systems that can be exploited, and helps efforts to introduce new vulnerabilities “where they do not yet exist.” The IR.21s also contain details about the encryption used by cellphone companies to protect the privacy of their customers’ communications as they are transmitted across networks. These details are highly sought after by the NSA, as they can aid its efforts to crack the encryption and eavesdrop on conversations.
  • One of the prime targets monitored under the AURORAGOLD program is the London-headquartered trade group, the GSM Association, or the GSMA, which represents the interests of more than 800 major cellphone, software, and internet companies from 220 countries. The GSMA’s members include U.S.-based companies such as Verizon, AT&T, Sprint, Microsoft, Facebook, Intel, Cisco, and Oracle, as well as large international firms including Sony, Nokia, Samsung, Ericsson, and Vodafone. The trade organization brings together its members for regular meetings at which new technologies and policies are discussed among various “working groups.” The Snowden files reveal that the NSA specifically targeted the GSMA’s working groups for surveillance.
  • Last year, the Washington Post reported that the NSA had already managed to break the most commonly used cellphone encryption algorithm in the world, known as A5/1. But the information collected under AURORAGOLD allows the agency to focus on circumventing newer and stronger versions of A5 cellphone encryption, such as A5/3. The documents note that the agency intercepts information from cellphone operators about “the type of A5 cipher algorithm version” they use, and monitors the development of new algorithms in order to find ways to bypass the encryption. In 2009, the British surveillance agency Government Communications Headquarters conducted a similar effort to subvert phone encryption under a project called OPULENT PUP, using powerful computers to perform a “crypt attack” to penetrate the A5/3 algorithm, secret memos reveal. By 2011, GCHQ was collaborating with the NSA on another operation, called WOLFRAMITE, to attack A5/3 encryption. (GCHQ declined to comment for this story, other than to say that it operates within legal parameters.)
  • The extensive attempts to attack cellphone encryption have been replicated across the Five Eyes surveillance alliance. Australia’s top spy agency, for instance, infiltrated an Indonesian cellphone company and stole nearly 1.8 million encryption keys used to protect communications, the New York Times reported in February.
  • The NSA’s documents show that it focuses on collecting details about virtually all technical standards used by cellphone operators, and the agency’s efforts to stay ahead of the technology curve occasionally yield significant results. In early 2010, for instance, its operatives had already found ways to penetrate a variant of the newest “fourth generation” smartphone-era technology for surveillance, years before it became widely adopted by millions of people in dozens of countries. The NSA says that its efforts are targeted at terrorists, weapons proliferators, and other foreign targets, not “ordinary people.” But the methods used by the agency and its partners to gain access to cellphone communications risk significant blowback. According to Mikko Hypponen, a security expert at Finland-based F-Secure, criminal hackers and foreign government adversaries could be among the inadvertent beneficiaries of any security vulnerabilities or encryption weaknesses inserted by the NSA into communication systems using data collected by the AURORAGOLD project.
  • Vines, the NSA spokeswoman, told The Intercept that the agency was committed to ensuring an “open, interoperable, and secure global internet.” “NSA deeply values these principles and takes great care to honor them in the performance of its lawful foreign-intelligence mission,” Vines said.
  • Documents published with this article: AURORAGOLD – Project Overview AURORAGOLD Working Group IR.21 – A Technology Warning Mechanism AURORAGOLD – Target Technology Trends Center support to WPMO NSA First-Ever Collect of High-Interest 4G Cellular Signal AURORAGOLD Working Aid WOLFRAMITE Encryption Attack OPULENT PUP Encryption Attack NSA/GCHQ/CSEC Network Tradecraft Advancement Team
  • Paul Merrell on 06 Dec 14
     
    Notice that they've cracked even 4G.
Paul Merrell

Aleksej Gubarev, of Russia's Webzilla, says hacking charges false | McClatchy DC - 0 views

www.mcclatchydc.com/...article125910774.html

Trump 35-pages Gubarev

shared by Paul Merrell on 13 Jan 17 - No Cached
  • A Russian venture capitalist and tech expert whose name and company are mentioned in the now-notorious document alleging connections between the Donald Trump campaign and Russian hackers says no intelligence officers have ever contacted him about the accusations, which he says are false.A report compiled by a former Western intelligence official as opposition research against Trump was made public Tuesday when BuzzFeed posted its 35 pages. The document included unsubstantiated claims of collusion between the Trump campaign team and the Kremlin.
  • It also alleged that global tech firm XBT Holding, with operations in Dallas, was instrumental in the hack of leaked Democratic Party emails that embarrassed Hillary Clinton and fellow Democrats.XBT, owner of Dallas-based enterprise-hosting company Webzilla, is run by a successful Russian tech startup expert, Aleksej Gubarev. In a phone interview from Cyprus, where he said he’d lived since 2002, Gubarev said he was surprised to see his name in the report.“I don’t know why I was there,” Gubarev said, adding that perhaps a competitor sought to discredit him. “I still don’t understand the true reason for this report.”The salacious innuendoes in the periodic reports about Trump’s personal life dominated social media headlines. The mention of Webzilla and Gubarev was among the more specific allegations: that XBT and affiliates “had been using botnets and porn traffic to transmit viruses, plant bugs, steal data and conduct ‘altering operations’ against the Democratic Party leadership.” Gubarev said he operated 75,000 servers across the globe and got real-time information if there had been hacking or illicit activity tied to his businesses. There is no evidence of that, he said, adding that no one has contacted him.“I have a physical office in Dallas. Nobody contacted me,” said Gubarev, adding that 40 percent of his business is handled over the servers it runs in Dallas and the United States accounts for about 27 percent of his global business.
  • McClatchy has reported that Sen. John McCain, R-Ariz., gave the bulk of the report to FBI Director James Comey on Dec. 9. The final pages of the report are dated Dec. 11. McClatchy had the report earlier but couldn’t verify any of its allegations. A federal law enforcement source told McClatchy that the document was being examined as part of a broader FBI inquiry into Russia’s influence on the U.S. election but wouldn’t characterize its credibility. A source familiar with the former Western intelligence expert who compiled the dossier told McClatchy that the ex-spy has extensive experience in tracking activities in the Kremlin.The report alleges that Gubarev and another hacking expert were recruited under duress by the FSB, the Russian intelligence-agency successor to the KGB. Gubarev said he had not been threatened or blackmailed, nor had his mother, who lives in Russia.
  • ...2 more annotations...
  • XBT offers an array of tech services, from dedicated hosting of servers and cloud-based storage to developing apps for mobile phones and offering virtual private servers. His company advertises specialized services to software developers, advertisers, gaming companies and electronic-commerce enterprises. It also operates data centers in Russia, Asia, Europe and Dallas.
  • If law enforcement wants to talk with him, Gubarev said, his door is open.“I’m ready for any investigation. I’m ready to cooperate with everybody, he said.
Paul Merrell

NSA contracted French cyber-firm for hacking help - RT USA - 0 views

rt.com/...nsa-vupen-exploit-hack-978

surveillance state NSA NSA-methods exploit-purchases

shared by Paul Merrell on 28 Mar 14 - No Cached
  • The latest revelation regarding the National Security Agency doesn't come courtesy of Edward Snowden. A Freedom of Information Act request has confirmed the NSA contracted a French company that makes its money by hacking into computers. It's no secret that the United States government relies on an arsenal of tactics to gather intelligence and wage operations against its adversaries, but a FOIA request filed by Muckrock's Heather Akers-Healy has confirmed that the list of Uncle Sam's business partners include Vupen, a French-based security company that specializes in selling secret codes used to crack into computers. Documents responsive to my request to #NSA for contracts with VUPEN, include 12/month exploit subscription https://t.co/x3qJbqSUpa — Heather Akers-Healy (@abbynormative) September 16, 2013 Muckrock published on Monday a copy of a contract between the NSA and Vupen in which the US government is shown to have ordered a one-year subscription to the firm's “binary analysis and exploits service” last September.
  • That service, according to the Vupen website, is sold only to government entities, law enforcement agencies and computer response teams in select countries, and provides clients with access to so-called zero-day exploits: newly-discovered security vulnerabilities that the products' manufacturers have yet to discover and, therefore, have had zero days to patch-up. “Major software vendors such as Microsoft and Adobe usually take 6 to 9 months to release a security patch for a critical vulnerability affecting their products, and this long delay between the discovery of a vulnerability and the release of a patch creates a window of exposure during which criminals can rediscover a previously reported but unpatched vulnerability, and target any organization running the vulnerable software,” Vupen says elsewhere on their website. Last year, Vupen researchers successfully cracked Google's Chrome browser, but declined to show developers how they did so — even for an impressive cash bounty. “We wouldn’t share this with Google for even $1 million,” Vupen CEO Chaouki Bekrar told Forbes' Andy Greenberg of the Chrome hack in 2012. “We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers.”
  • And why the NSA and other clients may benefit from being privy to these vulnerabilities, knowing how to exploit security holes in adversarial systems is a crucial component to any government's offensive cyber-operations. Last month, the Washington Post published excerpts from the previously secretive “black budget,” a closely guarded ledger listing the funding requests made by America's intelligence community provided by NSA leaker Edward Snowden. According to that document, a substantial goal of the US in fiscal year 2013 was to use a portion of $52.6 billion in secretive funding towards improving offensive cyber-operations.
  • ...1 more annotation...
  • The portion of the contract obtained by Muckrock where the cost of the subscription is listed has been redacted, but a Vupen hacker who spoke to Greenberg last year said deals in the five-figures wasn't uncommon. "People seem surprised to discover that major government agencies are acquiring Vupen's vulnerability intelligence," Bekrar wrote in an email to Information Week's Matthew Schwartz after the NSA contract with his signature was published. "There is no news here, governments need to leverage the most detailed and advanced vulnerability research to protect their infrastructures and citizens against adversaries." Critics of Vupen and its competitors see government-waged cyber-operations in a different light, however. Christopher Soghoian of the American Civil Liberties Union's Speech, Privacy and Technology Project has spoken outright against companies that sell exploits and have equated the computer codes being sold for big money as a new sort of underground arms trade fueling an international, online battle. To Greenberg last year, Soghoian described Vupen as  a “modern-day merchant of death” selling “the bullets for cyberwar," and upon publishing of the NSA contract called the company a “cyber weapon merchant.” The NSA is a customer of French 0-day cyber weapon merchant VUPEN, FOIA docs reveal: (via @ramdac & @MuckRockNews) https://t.co/OPJ82miK3c — Christopher Soghoian (@csoghoian) September 16, 2013
Paul Merrell

Legislative Cyber Threats: CISA's Not The Only One | Just Security - 0 views

www.justsecurity.org/...egislative-cyber-threats-cisas

shared by Paul Merrell on 31 Jul 15 - No Cached
  • If anyone in the United States Senate had any doubts that the proposed Cyber Information Sharing Act (CISA) was universally hated by a range of civil society groups, a literal blizzard of faxes should’ve cleared up the issue by now. What’s not getting attention is a CISA “alternative” introduced last week by Sens. Mark Warner (D-Va) and Susan Collins (R-Me). Dubbed the “FISMA Reform Act,” the authors make the following claims about the bill:  This legislation would allow the Secretary of Homeland Security to operate intrusion detection and prevention capabilities on all federal agencies on the .gov domain. The bipartisan bill would also direct the Secretary of Homeland Security to conduct risk assessments of any network within the government domain. The bill would allow the Secretary of Homeland Security to operate defensive countermeasures on these networks once a cyber threat has been detected. The legislation would strengthen and streamline the authority Congress gave to DHS last year to issue binding operational directives to federal agencies, especially to respond to substantial cyber security threats in emergency circumstances.
  • The bill would require the Office of Management and Budget to report to Congress annually on the extent to which OMB has exercised its existing authority to enforce government wide cyber security standards. On the surface, it actually sounds like a rational response to the disastrous OPM hack. Unfortunately, the Warner-Collins bill has some vague or problematic language and non-existent definitions that make it potentially just as dangerous for data security and privacy as CISA. The bill would allow the Secretary of Homeland Security to carry out cyber security activities “in conjunction with other agencies and the private sector” [for] “assessing and fostering the development of information security technologies and capabilities for use across multiple agencies.” While the phrase “information sharing” is not present in this subsection, “security technologies and capabilities” is more than broad — and vague — enough to allow it.
  • The bill would also allow the secretary to “acquire, intercept, retain, use, and disclose communications and other system traffic that are transiting to or from or stored on agency information systems and deploy countermeasures with regard to the communications and system traffic.”
  • ...2 more annotations...
  • The bill also allows the head of a federal agency or department “to disclose to the Secretary or a private entity providing assistance to the Secretary…information traveling to or from or stored on an agency information system, notwithstanding any other law that would otherwise restrict or prevent agency heads from disclosing such information to the Secretary.” (Emphasis added.) So confidential, proprietary or other information otherwise precluded from disclosure under laws like HIPAA or the Privacy Act get waived if the Secretary of DHS or an agency head feel that your email needs to be shared with a government contracted outfit like the Hacking Team for analysis. And the bill explicitly provides for just this kind of cyber threat analysis outsourcing:
  • (3) PRIVATE ENTITIES. — The Secretary may enter into contracts or other agreements, or otherwise request and obtain the assistance of, private entities that provide electronic communication or information security services to acquire, intercept, retain, use, and disclose communications and other system traffic in accordance with this subsection. The bill further states that the content of your communications, will be retained only if the communication is associated with a known or reasonably suspected information security threat, and communications and system traffic will not be subject to the operation of a countermeasure unless associated with the threats. (Emphasis added.) “Reasonably suspected” is about as squishy a definition as one can find.
  • Paul Merrell on 31 Jul 15
     
    "The bill also allows the head of a federal agency or department "to disclose to the Secretary or a private entity providing assistance to the Secretary…information traveling to or from or stored on an agency information system, notwithstanding any other law that would otherwise restrict or prevent agency heads from disclosing such information to the Secretary."" Let's see: if your information is intercepted by the NSA and stored on its "information system" in Bluffdale, Utah, then it can be disclosed to the Secretary of DHS or any private entity providing him/her with assistance, "notwithstanding any other law that would otherwise restrict or prevent agency heads from disclosing such information to the Secretary." And if NSA just happens to be intercepting every digital bit of data generated or received in the entire world, including the U.S., then it's all in play, "notwithstanding any other law that would otherwise restrict or prevent agency heads from disclosing such information to the Secretary.". Sheesh! Our government voyeurs never stop trying to get more nude pix and videos to view.  
Paul Merrell

Edward Snowden asks for asylum in Ecuador: live updates | World news | guardian.co.uk - 0 views

www.guardian.co.uk/...n-leaves-hong-kong-moscow-live

surveillance state NSA Snowden asylum Ecuador

shared by Paul Merrell on 23 Jun 13 - No Cached
  • The NSA whistleblower left Hong Kong on an Aeroflot flight to Moscow, two days after the US charged him with espionage, before applying for asylum in Ecuador
  • WikiLeaks has released a statement claiming that Snowden is "bound for Ecuador" and is awaiting the processing of his application for asylum:  Mr Edward Snowden, the American whistleblower who exposed evidence of a global surveillance regime conducted by US and UK intelligence agencies, has left Hong Kong legally. He is bound for the Republic of Ecuador via a safe route for the purposes of asylum, and is being escorted by diplomats and legal advisors from WikiLeaks. Mr Snowden requested that WikiLeaks use its legal expertise and experience to secure his safety. Once Mr Snowden arrives in Ecuador his request will be formally processed. Former Spanish Judge Mr Baltasar Garzon, legal director of Wikileaks and lawyer for Julian Assange has made the following statement: "The WikiLeaks legal team and I are interested in preserving Mr Snowden’s rights and protecting him as a person. What is being done to Mr Snowden and to Mr Julian Assange - for making or facilitating disclosures in the public interest - is an assault against the people".
  • It’s past midnight in Hong Kong and late evening in Moscow, so time for a summary of the events so far on a day of extraordinary drama: • Edward Snowden, the NSA contractor whose revelations to the Guardian about the scale and scope of US spying and hacking activities has prompted global headlines, has fled Hong Kong and is now in Moscow. • His plane arrived in Russia shortly after 5pm local time. Snowden is not believed to have a Russian visa and is thought to be staying overnight at a capsule hotel inside Moscow's Sheremetyevo airport after reportedly being met on the tarmac by diplomatic cars.
  • ...2 more annotations...
  • • Snowden was allowed to leave despite the US having filed a request for Hong Kong to arrest him. Hong Kong’s government said the documents sent by Washington did not fully meet legal requirements, the statement added, so Snowden was allowed to leave. It has since been reported that the US revoked Snowden’s passport on Saturday. It is not clear how he was allowed to leave Hong Kong if this happened. • Snowden is reportedly booked on a flight on Monday from Moscow to Havana, after which he is believed to be heading for another Latin American destination, reported variously as Venezuela or Ecuador. • The Ecuadorean ambassador to Russia is at the airport but said he had not met Snowden and was not entirely sure where he is.  • WikiLeaks has claimed in tweets it "assisted Mr Snowden's political asylum in a democratic country" and that its "legal advisers" are with him, including Sarah Harrison, a WikiLeaks staffer.
  • • There has been an angry reaction in the US to news of Snowden’s departure. Keith Alexander, head of the NSA, called Snowden “an individual who is not acting, in my opinion, with noble intent". • Snowden's departure came on the same day the South China Morning Post carried detailed reports of claims from him about US actions against China, including allegations of the hacking of phone text messages. China has said it is “gravely concerned” about the revelations. The country’s Xinhua news agency called the US “the biggest villain in our age" when it comes to hacking.
  • Paul Merrell on 23 Jun 13
     
    My favorite part so far, NSA head Gen. Keith Alexander called Snowden "an individual who is not acting, in my opinion, with noble intent". Let's consider for a moment that as a U.S. Army officer, Gen. Alexander, initially and upon each promotion, was required to "solemnly swear (or affirm) that I will support and defend the Constitution of the United States against all enemies, foreign and domestic, that I will bear true faith and allegiance to the same; that I take this obligation freely, without any mental reservations or purpose of evasion; and that I will well and faithfully discharge the duties of the office upon which I am about to enter; So help me God."  http://www.army.mil/values/officers.html So what part of "support and defend the Constitution of the United States" is it that he didn't catch? U.S. military officers are required by law to disobey illegal commands. Can this man seriously believe that his mission does not violate the U.S. Constitution?  The Fourth and Fifth Amendments were direct reactions to the British Army's practice of invading Colonist's homes at will. destroying their privacy and seizing anything in sight including its residents, their papers, their personal effects, and their property without judicial warrant or due process and just compensation. But that is just what Gen. Alexander assists in. He is a usurper of our Constitution. But let's compare the courage of Edward Snowden and Keith Alexander: "Common experience shows how much rarer is moral courage than physical bravery.  A thousand men will march to the mouth of the cannon where one man will dare espouse an unpopular cause." - Clarence Darrow   "Few are willing to brave the disapproval of their fellows, the censure of the colleagues, the wrath of their society. Moral courage is a rarer commodity than bravery in battle or great intelligence. Yet it is the one essential, vital quality for those who seek to change a world that yields most painfully to change." -
Paul Merrell

Putin orders Russian officials relatives studying abroad to return home - YouTube - 0 views

www.youtube.com/watch

war & peace Russia signs-of-war U.S.-foreign-policy

shared by Paul Merrell on 14 Oct 16 - No Cached
  • Russia is ordering all of its officials to fly home any relatives living abroad amid heightened tensions over the prospect of global war, it has been claimed.Politicians and high-ranking figures are said to have received a warning from president Vladimir Putin to bring their loved-ones home to the 'Motherland', according to local media.It comes after Putin cancelled a planned visit to France amid a furious row over Moscow's role in the Syrian conflict and just days after it emerged the Kremlin had moved nuclear-capable missiles near to the Polish border.Former Soviet leader Mikhail Gorbachev has also warned that the world is at a 'dangerous point' due to rising tensions between Russia and the US.According to the Daily Star, administration staff, regional administrators, lawmakers of all levels and employees of public corporations have been ordered to take their children out of foreign schools immediately.Failure to act will see officials jeopardising their chances of promotion, local media has reported.The exact reason for the order is not yet clear.But Russian political analyst Stanislav Belkovsky is quoted by the Daily Star as saying: 'This is all part of the package of measures to prepare elites to some 'big war'.' Relations between Russia and the US are at their lowest since the Cold War and have soured in recent days after Washington pulled the plug on Syria talks and accused Russia of hacking attacks.
  • The Kremlin has also suspended a series of nuclear pacts, including a symbolic cooperation deal to cut stocks of weapons-grade plutonium. Just days ago, it was reported that Russia had moved nuclear-capable missiles near to the Polish border as tensions escalated between the world’s largest nation and the West.The Iskander missiles sent to Kaliningrad, a Russian enclave on the Baltic Sea between Nato members Poland and Lithuania, are now within range of major Western cities including Berlin.Polish officials – whose capital Warsaw is potentially threatened – have described the move as of the 'highest concern'. Putin's decision to cancel his Paris visit came a day after French President Francois Hollande said Syrian forces had committed a 'war crime' in the battered city of Aleppo with the support of Russian air strikes.Putin had been due in Paris on October 19 to inaugurate a spiritual centre at a new Russian Orthodox church near the Eiffel Tower, but Hollande had insisted his Russian counterpart also took part in talks with him about Syria.The unprecedented cancellation of a visit so close to being finalised is a 'serious step... reminiscent of the Cold War', said Russian foreign policy analyst Fyodor Lukyanov.'This is part of the broader escalation in the tensions between Russia and the West, and Russia and NATO,' he told AFP.The Kremlin has also been angered over the banning of the Russian Paralympic team from the Rio Olympics amid claims of state-sponsored doping of its athletes.
  • Meanwhile, the top advisor to US presidential candidate Hillary Clinton has said the FBI is investigating Russia's possible role in hacking thousands of his personal emails.But Russian officials have vigorously rejected accusations of meddling in the US presidential elections and dismissed allegations that Moscow was behind a series of recent hacks on US institutions. Retired Russian Lt. Gen. Evgeny Buzhinsky told the BBC: 'Of course there is a reaction. As far as Russia sees it, as Putin sees it, it is full-scale confrontation on all fronts. If you want a confrontation, you'll get one.'But it won't be a confrontation that doesn't harm the interests of the United States. You want a confrontation, you'll get one everywhere.'Earlier this week British Foreign Secretary Boris Johnson waded into the row, calling for anti-war campaigners to protest outside the Russian embassy in London.Johnson said the 'wells of outrage are growing exhausted' and anti-war groups were not expressing sufficient outrage at the conflict in Aleppo.'Where is the Stop the War Coalition at the moment? Where are they?' he said during a parliamentary debate.
Paul Merrell

CNN apologizes for commentator who called WikiLeaks founder a 'pedophile' | McClatchy DC - 0 views

www.mcclatchydc.com/...article124566504.html

WIkileaks Assange libel Dark-State harrassment

shared by Paul Merrell on 07 Jan 17 - No Cached
  • In fact, the pedophile allegation has little to do with Assange’s plight that has kept him in the embassy in London, which involves incidents in Stockholm in the summer of 2010.
  • Rather, it is a bizarre tale involving a Houston-based dating website and its global and well-funded efforts to discredit Assange around the globe. The byzantine saga involves disconnected telephones and mystery websites. The website, toddandclare.com, launched and ramped up its efforts against Assange during the U.S. presidential campaign, as WikiLeaks released hacked emails related to the campaign of Democratic nominee Hillary Clinton.Whoever is behind the dating site has marshaled significant resources to target Assange, enough to gain entry into a United Nations body, operate in countries in Europe, North America and the Caribbean, conduct surveillance on Assange’s lawyer in London, obtain the fax number of Canada’s prime minister and seek to prod a police inquiry in the Bahamas.The dating site’s campaign sought to thwart WikiLeaks’ efforts and discredit Assange, who played a role in a presidential campaign season that deeply divided the U.S. electorate and illuminated Russia as a major cyber adversary of the U.S. government.One part of toddandclare’s two-pronged campaign put a megaphone to unproven charges that Assange made contact with a young Canadian girl in the Bahamas through the internet with the intention of molesting her. The second part sought to entangle him in a plan to receive $1 million from the Russian government.
  • WikiLeaks claims the dating site is “a highly suspicious and likely fabricated” company. In turn, the company has lashed out at Assange and “his despicable activities against American national security,” and warned journalists to “check with your libel lawyers first before printing anything that could impact or endanger innocent people’s lives.”For nearly two months after the October allegations, toddandclare.com went off line. But it recently reappeared, repeating charges about the 8-year-old Canadian girl. The website did not immediately respond Thursday to a new query from McClatchy, and no respondent in the past has given a name or allowed telephone contact.The online company paints itself as all-American. Online material says its founders, Todd and Clare Hammond, “are an average American couple from Michigan, who met in the eighth grade.” In 2011, the company says, the Christian couple started an email dating service, and “have married 3,000 couples to date.” Their online network began in 2015, and a statement it filed to a U.N. body says it has “100,000+ female singles” in six countries. The company’s operating address is a warehouse loading dock in Houston. Its mail goes to a Houston drop box. Its phone numbers no longer work. WikiLeaks says Texas officials tell it the entity is not registered there either under toddandclare.com or a parent company, T&C Network Solutions.A person who answered emails to the website in November declined to identify him or herself.
  • ...5 more annotations...
  • The people behind toddandclare.com persuaded a U.N. body known as the Global Compact to give it status as a participant in May, and it submitted an eight-page report to the U.N. group Oct. 4 carefully laying out its allegations against Assange. The firm was delisted by the U.N. body eight days later amid controversy over its claims. The report was later taken off the internet. An Australian lawyer, Melinda Taylor, said the report’s precise language raised additional suspicions at WikiLeaks, where she assists Assange in human rights litigation.“This is not a report that’s been drafted by a dating agency. It’s highly legalistic and very structured. It’s the language of someone who has drafted complex legal submissions,” she said.Under Todd Hammond’s name, the report alleged that Assange’s Swedish lawyer had reached out in June to offer Assange’s services on a campaign against rape in exchange for an undisclosed amount of bitcoin. It said the two sides held two videoconferences.Then came the bombshell: It said the company had ended ties with Assange following “pedophile crimes” he had committed in the Bahamas in late September. It charged that the victim was the 8-year-old daughter of a Canadian couple on a monthlong yachting vacation. The father went to police in Nassau on Sept. 28, the report claimed, charging that his family held video and chat logs showing Assange “internet grooming” the child and “propositioning the 8-year-old juvenile ‘to perform oral and anal sex acts.’ ”It said Assange made a connection to the child’s 22-year-old sister, who was a client of the online dating site, from his refuge in London, eventually gaining access to the young girl.
  • An assistant commissioner for the Royal Bahamas Police Force, Stephen Dean, said “there is no investigation” into any such incident and that the police have received no evidence that such an incident occurred.“We got a phone call of someone giving us some information. But we never had a face-to-face. It could have been a hoax,” Dean said. “We don’t know.”If someone were in possession of video or chat logs about a pedophile crime, he or she did not provide them to Bahamian police, Dean said, which he said would be odd: “If you have something so significant, I think you’d want to leave a report.”Assange’s Swedish lawyer, Per Samuelson, wrote to the U.N. body on Oct. 10 alleging that Hammond’s report against Assange was “entirely false” in all its facets and that he had had no contact with the dating site or Hammond.Even as authorities in the Bahamas dismissed the report, the dating site sent a fax Oct. 17 to Canadian Prime Minister Justin Trudeau saying the Canadian family had fled the Bahamas due to “anti-white, racist abuse by Bahamian police.”“Julian Assange ... has started a smear campaign to claim our dating company is behind an elaborate scam. It is fully to be expected. Pedophiles are devious and cunning,” the fax said.The company said it would “continue to protect the family’s identity, until either the (Royal Bahamas Police Force) conduct a proper investigation, or hell freezes over. Whichever comes first.”
  • The fax was signed, “The Todd and Clare Team,” and left no way to contact the firm.While the founders of toddandclare.com say they’ve been in the matchmaking business since 2011, their internet presence dates only to September 2015 and really got going only early last year. Those who have done work for the company say they were kept at arm’s length.By summer, in the run-up to what many expected to be an “October surprise” from WikiLeaks to make an impact on the U.S. election, toddandclare.com began moving against Assange in multiple countries simultaneously. The DNC and a cyber-threat intelligence firm it had hired, CrowdStrike, were already fingering Russia as behind the hacks that would provide the fodder for WikiLeaks. They’d said in June that Russian hackers had access to DNC servers for about a year.A company representative, identifying herself as Hannah Hammond, emailed Assange’s Swedish and British legal agents offering $1 million for him to appear in a five-minute tongue-in-cheek television advertisement. In a subsequent exchange Sept. 19, the representative wrote that “the source of the $1,000,000 is the Russian government.”In a curious twist, she offered what she said were three facts about Assange’s London attorney that are “unknown to the public,” including details inside her home and an event in her son’s life, suggesting a capability to conduct surveillance.Taylor, the Assange lawyer, said the details appeared “to create the impression that the members of his team were under close surveillance and/or to bolster the bona fides of the claim that the offer was linked to a State. Its inclusion does appear quite menacing.”
  • A lawyer identifying himself only as “James” responded the next day, slamming the offer as an “elaborate scam designed to entrap” Assange and embarrass him for ties to Russia.The dating site representative sought to pull the veil off “James.”“Julian: We know it’s you writing. The offer expires at midnight, October 31st 2016,” she wrote back on Sept. 21, according to copies of the emails posted by WikiLeaks on its website.By early October, toddandclare.com went on the offensive. It filed a civil complaint in a British court against Assange, seeking 295 pounds sterling – about $359 – in damages because it said it could no longer use his services due to the “child sex offenses in Nassau.”The suit, said Taylor, Assange’s lawyer, “seems to be designed to evade defamation law in the U.K. They’ve put highly noxious information knowing that it would be made public.”The global tussle between the online dating company and WikiLeaks went public in mid-October when the anti-secrecy group voiced public doubt on whether toddandclare.com actually existed, or served only as a vehicle to attack Assange.
  • The announcement opened the gates for a disparate crew of internet sleuths – some motivated by hatred of Clinton and others impelled by support for WikiLeaks – to probe into the history of toddandclare.com, suspicious that the dating site might be an undercover operation with links to the Clinton campaign.Posting their findings on the discussion websites like Reddit.com, they unearthed some curious coincidences. A perusal into the archives of the internet revealed that the Hammonds had once occupied a San Francisco building later rented to a company, Premise Data, whose co-founder has ties to Clinton and her top supporters.Moreover, a telephone number once registered to a Todd Hammond later was registered to a former Premise employee, Aaron Dunn, although with a different area code.Premise co-founder David Soloff said such findings could only be coincidences.“I want to reiterate that Premise has no connection with this case. And beyond confirming that Aaron Dunn worked at Premise until 2014, I don’t know the answer to any of your questions,” Soloff wrote in an email.
Paul Merrell

Did NSA, GCHQ steal the secret key in YOUR phone SIM? It's LIKELY * The Register - 0 views

www.theregister.co.uk/...mpany_to_steal_keys_to_kingdom

shared by Paul Merrell on 15 Mar 15 - No Cached
  • The NSA and Britain's GCHQ hacked the world's biggest SIM card maker to harvest the encryption keys needed to silently and effortlessly eavesdrop on potentially millions of people. That's according to documents obtained by surveillance whistleblower Edward Snowden and leaked to the web on Thursday. "Wow. This is huge – it's one of the most significant findings of the Snowden files so far," computer security guru Bruce Schneier told The Register this afternoon. "We always knew that they would occasionally steal SIM keys. But all of them? The odds that they just attacked this one firm are extraordinarily low and we know the NSA does like to steal keys where it can." The damning slides, published by Snowden's chums at The Intercept, detail the activities of the as-yet unheard-of Mobile Handset Exploitation Team (MHET), run by the US and UK. The group targeted Gemalto, which churns out about two billion SIM cards each year for use around the world, and targeted it in an operation dubbed DAPINO GAMMA.
  • Gemalto's hacking may also bring into question some of its other security products as well. The company supplies chips for electronic passports issued by the US, Singapore, India, and many European states, and is also involved in the NFC and mobile banking sector. It's important to note that this is useful for tracking the phone activity of a target, but the mobile user can still use encryption on the handset itself to ensure that some communications remain private. "Ironically one of your best defenses against a hijacked SIM is to use software encryption," Jon Callas, CTO of encrypted chat biz Silent Circle told The Register. "In our case there's a TCP/IP cloud between Alice and Bob and that can deal with compromised routers along the path as well as SIM issues, and the same applies to similar mobile software."
  • On Wednesday the UK government admitted that its intelligence agencies had in fact broken the ECHR when spying on communications between lawyers and those suing the British state, so GCHQ might want to reconsider that statement.
Paul Merrell

Inside TAO: The NSA's Shadow Network - SPIEGEL ONLINE - 0 views

www.spiegel.de/...lobal-networks-a-940969-3.html

surveillance state NSA TAO NSA-methods parallel-internet must-read

shared by Paul Merrell on 30 Dec 13 - No Cached
  • The insert method and other variants of QUANTUM are closely linked to a shadow network operated by the NSA alongside the Internet, with its own, well-hidden infrastructure comprised of "covert" routers and servers. It appears the NSA also incorporates routers and servers from non-NSA networks into its covert network by infecting these networks with "implants" that then allow the government hackers to control the computers remotely. (Click here to read a related article on the NSA's "implants".) In this way, the intelligence service seeks to identify and track its targets based on their digital footprints. These identifiers could include certain email addresses or website cookies set on a person's computer. Of course, a cookie doesn't automatically identify a person, but it can if it includes additional information like an email address. In that case, a cookie becomes something like the web equivalent of a fingerprint.
  • Once TAO teams have gathered sufficient data on their targets' habits, they can shift into attack mode, programming the QUANTUM systems to perform this work in a largely automated way. If a data packet featuring the email address or cookie of a target passes through a cable or router monitored by the NSA, the system sounds the alarm. It determines what website the target person is trying to access and then activates one of the intelligence service's covert servers, known by the codename FOXACID. This NSA server coerces the user into connecting to NSA covert systems rather than the intended sites. In the case of Belgacom engineers, instead of reaching the LinkedIn page they were actually trying to visit, they were also directed to FOXACID servers housed on NSA networks. Undetected by the user, the manipulated page transferred malware already custom tailored to match security holes on the target person's computer. The technique can literally be a race between servers, one that is described in internal intelligence agency jargon with phrases like: "Wait for client to initiate new connection," "Shoot!" and "Hope to beat server-to-client response." Like any competition, at times the covert network's surveillance tools are "too slow to win the race." Often enough, though, they are effective. Implants with QUANTUMINSERT, especially when used in conjunction with LinkedIn, now have a success rate of over 50 percent, according to one internal document.
  • At the same time, it is in no way true to say that the NSA has its sights set exclusively on select individuals. Of even greater interest are entire networks and network providers, such as the fiber optic cables that direct a large share of global Internet traffic along the world's ocean floors. One document labeled "top secret" and "not for foreigners" describes the NSA's success in spying on the "SEA-ME-WE-4" cable system. This massive underwater cable bundle connects Europe with North Africa and the Gulf states and then continues on through Pakistan and India, all the way to Malaysia and Thailand. The cable system originates in southern France, near Marseille. Among the companies that hold ownership stakes in it are France Telecom, now known as Orange and still partly government-owned, and Telecom Italia Sparkle. The document proudly announces that, on Feb. 13, 2013, TAO "successfully collected network management information for the SEA-Me-We Undersea Cable Systems (SMW-4)." With the help of a "website masquerade operation," the agency was able to "gain access to the consortium's management website and collected Layer 2 network information that shows the circuit mapping for significant portions of the network."
  • ...3 more annotations...
  • It appears the government hackers succeeded here once again using the QUANTUMINSERT method. The document states that the TAO team hacked an internal website of the operator consortium and copied documents stored there pertaining to technical infrastructure. But that was only the first step. "More operations are planned in the future to collect more information about this and other cable systems," it continues. But numerous internal announcements of successful attacks like the one against the undersea cable operator aren't the exclusive factors that make TAO stand out at the NSA. In contrast to most NSA operations, TAO's ventures often require physical access to their targets. After all, you might have to directly access a mobile network transmission station before you can begin tapping the digital information it provides.
  • To conduct those types of operations, the NSA works together with other intelligence agencies such as the CIA and FBI, which in turn maintain informants on location who are available to help with sensitive missions. This enables TAO to attack even isolated networks that aren't connected to the Internet. If necessary, the FBI can even make an agency-owned jet available to ferry the high-tech plumbers to their target. This gets them to their destination at the right time and can help them to disappear again undetected after as little as a half hour's work.
  • Sometimes it appears that the world's most modern spies are just as reliant on conventional methods of reconnaissance as their predecessors. Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called "load stations," agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer. These minor disruptions in the parcel shipping business rank among the "most productive operations" conducted by the NSA hackers, one top secret document relates in enthusiastic terms. This method, the presentation continues, allows TAO to obtain access to networks "around the world."
  • Paul Merrell on 30 Dec 13
     
    From page 3 of a 3-page article. The entire article is well worth reading. I chose this page to bookmark because of its disclosure that NSA is intercepting new computers before they are delivered and installing hardware and software backdoors, then reshipping them to their intended recipients. Although not mentioned, this implies the complicity of package shipment companies and conceivably government mail systems and original equipment manufacturers ("OEMs").  
1 - 20 of 29 Next ›
Showing 20 items per page